
Version 2.1 06/08/07 Ref:200610/NCB/I247/Pol230/LP/db

STANDARD OPERATING PROCEDURE ISSUANCE OF THE USER ACCOUNTS ON INTERPOL RESTRICTED WEBSITE
EDPS/NCB/I-247 & EDRM/SEC Interpol GS

Table of Contents
Definitions
Purpose
Scope
Legal framework
Procedure
Requests for opening of the user account
Internal validation for requests sent by NSO or Director of Application
1. Internal validation for requests sent by NSO
2. Internal validation for requests sent by Director of application
Access rights
Creation of user accounts and association of access rights
Registration and notification
Auditing
Notification of account creation
Validity and revision
Appendix 1 - Interpol's restricted website https://www.interpol.int user account creation form
Appendix 2 - Account creation information form
Appendix 3 - List of restricted applications on the Interpol Restricted Website with competent Director of application


Definitions
Interpol's Restricted Website - Interpol's secure website made accessible to any authorized entity with a view to achieve the Organization's aims (Art.2 and 3 Constitution). URL: https://www.interpol.int

User Account = UA - User account corresponds to the association between a User Name and a Password. In order to define Access Rights, each unique User Account will be allocated one of the pre-defined User Profiles.

Access Rights - The entitlements granted to users duly representing an authorized entity that enable them to access and process (for example consult, communicate, update, delete) data and files within Interpol's information system, pursuant to the relevant Interpol rules and within the limits of the activities and authorizations of the authorized entity.

User Profile - corresponds to the association between a User Account and default Access Rights for Interpol's Restricted Website.

I-24/7 Security Compliance Officer - is an official of the General Secretariat in charge, amongst other duties specified in the post description, of the issuance of the User Accounts for Interpol's Restricted Website, and of the drafting and implementation of the policies and of the standard operating procedures for issuance of the User Accounts for Interpol's Restricted Website.


Authorized Entity - any entity authorized by the General Assembly, National Central Bureaus, or the General Secretariat to access Interpol's information system, including Interpol's restricted website, within the conditions set by the General Assembly [1], the National Central Bureaus concerned [2], or the General Secretariat.

NSO = National Security Officer - an NCB officer or group of NCB officers with defined role and responsibilities in the I-24/7 Security Charter and NSO Functions and Responsibilities reference document: 2005-05/I-247CSD/LPvp/486 and the texts to which they refer.

Director of Application - an official of the General Secretariat in charge of a specific application which has a higher confidentiality level than the information usually found on Interpol's Restricted Website. Access rights are therefore granted on a need to know basis. List of applications to be validated by the Directors of Application concerned can be found in Appendix 3 of this policy document.

Account Central Evidence (ACE) - an internal IPSG administrative database of the user accounts and corresponding access rights, containing relevant additional information for the purpose of implementing obligations of transparency pursuant to the Rules on the processing of information for the purposes of international police co-operation (RPI) and the texts to which they refer. This administrative database is the sole centralized evidence relating to user accounts and access rights and is managed by I247SCO. The database does not contain passwords relating to the user name. The database can be shared within different departments of the General Secretariat if necessary and for administrative purposes and consultation only.

Requesting Authority (RQ) - is the person or group of persons authorized to request the opening of user accounts on https://www.interpol.int, namely:
- NSO - for National Central Bureaus and authorized national institutions as defined in Art. 1.f. of the RPI (see footnote 1);
- Director of application at the General Secretariat - for any authorized entity other than National Central Bureaus and authorized national institutions. The Director of application can only request issuance of the User Account if the request concerns the application within his/her competence.

ASCII - The standard ASCII character set consists of 128 decimal numbers ranging from zero through 127 assigned to letters, numbers, punctuation marks, and the most common special characters. The Extended ASCII Character Set also consists of 128 decimal numbers from 128 through 255 representing additional special, mathematical, graphic, and foreign characters. Table of ASCII characters:

[1], [2] Pursuant to Art.1.f. Rules on the processing of information for the purposes of international police cooperation (RPI): Authorized national institution means any official public national institution or any entity legally authorized to fulfill the role of a public institution in enforcing the criminal law and which has received the express authorization of its country's NCB to consult or provide information via the Organization's channels within the limits set by the said NCB. Pursuant to Art.1.g. RPI an authorized international entity means any entity, as referred to in Article 41 of the Constitution, which has concluded an agreement with the Organization authorizing it to process information directly through the Organization's channels.


Purpose
The purpose of this standard operating procedure is to ensure that:
- all user accounts for Interpol's Restricted Website (https://www.interpol.int) are issued according to a uniform procedure;
- all user account data received from the Requesting Authority (RQ) are complete and accurate;
- the administrative database Accounts Central Evidence (ACE) containing the user accounts and access rights complies with obligations of transparency imposed on the General Secretariat and National Central Bureaus pursuant to the Rules on the processing of information for the purposes of international police co-operation (RPI) and the texts to which they refer.

Scope
This SOP applies to all user accounts and access rights relating to Interpol's Restricted Website and concerning any authorized entity.

Legal framework
This standard operating procedure has been developed by the General Secretariat acting in accordance with its mandate to serve as a technical and information centre (Art.26 Constitution) and to develop and verify the security of the telecommunications networks and databases (art.4.1. and 9. a-b-c Rules on the Processing of information for the purposes of international police cooperation).

This standard operating procedure has been developed within the legal framework of the:
- Interpol's Constitution;
- Rules on the Processing of Information for the purposes of international police cooperation (RPI) and texts to which they refer;
- NCB Service Standards as approved at ICPO-Interpol General Assembly, 73rd Session, Cancun, October 2004;
- I-24/7 Security Charter as approved at ICPO-Interpol General Assembly, 72nd Session, Benidorm, Spain, September 2003;
- Interpol's Restricted Website Accounts and Password Policy (Reference number 2006-10/NCB/I247/Pol230/LP/db).

Procedure
Requests for opening of the user account
Requests for opening a user account are made by Requesting Authorities (RQ as defined above) for duly authorized entities only. Requests for opening of a user account are sent via e-mail by the RQ to the I247SCO. Each e-mail should provide the following user account data:
- Name of entity concerned by the request for opening a user account (NCB or any other authorized entity).
- Category of authorized entity, if applicable:
  - for authorized national institutions: police, customs, gendarmerie, other institution;
  - for authorized international entities: law enforcement international organization/non law enforcement international organization.
- Forename, name, position and contact details of the user designated by the NCB or any other authorized entity to access specific applications made available on Interpol's restricted website for the purposes of international police co-operation.
- Forename, name, position, contact details of the designated user's supervisor.
- Specific purpose of access rights.
- Scope of access rights.

To be valid, requests issued by the Director of Application must concern access rights for at least one application with restricted access.

The request form can be found at Appendix 1 of this document. The list of applications with restricted access and Director of application can be found at Appendix 3.


Internal validation for requests sent by NSO or Director of Application


1. Internal validation for requests sent by NSO

1.1. User account data completed
Upon receipt, the request will initially be validated by I247SCO after having checked if all required User Account data have been provided in the request form. If all user account data are completed, I247SCO validates the request and clearly indicates on the request that the required user account data have been provided, with following text: "Creation of account for ... is validated. User account data are complete". I247 SCO then forwards the request form to the General Secretariat's department, namely the Director of Application concerned by the requested access rights, to decide about the validity of the request for Access Rights.

1.2. User Account data not completed
If the NSO concerned does not provide all required user account data, the creation of the user account will be refused and a message will be sent to the NSO concerned with following text: "Creation of account for _____________ is refused. User account data are not completed. Please check the request."

The above request for checking will be sent to the NSO concerned not later than 24 hours after receipt of his initial request for user account issuance. If this above request is not answered within 48 hours, I247SCO will not create the user account. The following message will be sent to the NSO concerned: "Creation of account for ___________ is refused. Missing additional data for validation not received."

I247SCO must indicate date and time of the refusal of the account creation on the request form. The validation process can take up to 72 hours for the creation of the user account.


2. Internal validation for requests sent by Director of application

2.1. User account data completed
Upon receipt, the request will initially be validated by I247SCO after having checked if all required User Account data have been provided. I247SCO must check the validity of the authorization granted to the entity concerned on whose behalf the Director of Application sent the request for issuance of the user account. If all user account data are completed, I247SCO validates the request and clearly indicates on the request that the required user account data have been provided with following text: "Creation of account for ... is validated. User account data are complete".

2.2. User account data not completed
If the Director of application does not provide all required user account data, the creation of the user account will be refused and a message will be sent to the Director of Application concerned with the following text: "Creation of account for _____________ is refused. User Account data are not complete. Please check the request." I247SCO must indicate date and time of the refusal of the User Account creation on the request form.

The above request for checking will be sent to the NSO concerned not later than 24 hours after receipt of his initial request for user account issuance. If this above request is not answered within 48 hours, I247SCO will not create the user account. The following message will be sent to the NSO concerned: "Creation of account for ___________ is refused. Missing additional data for validation not received." I247SCO must indicate date and time of the refusal of the account creation on the request form.


The validation process can take up to 72 hours for the creation of the user account.

2.3. User Account Creation
The User Account will be created and associated with Access Rights only for the application which is within the competence of requesting Director of Application.

If the request concerns an existing User Account registered in the Account Central Evidence (ACE) database, the additional Access Rights requested will be added to the existing Access Rights on said existing User Account.

Access rights
Only Directors of application at the General Secretariat can grant or refuse access rights relating to applications within their competence and in conformity with this SOP and Interpol's Restricted Website Accounts and Password Policy (Reference 2006-10/NCB/I247/Pol230/LP/db) valid for the application they are giving access to.

Creation of user accounts and association of access rights


In case of validation as described above, I247SCO will create an account and associate access rights for the user account as requested. I247SCO must indicate date and time of creation of the account on the request form.

Registration and notification


I247SCO must enter into the ACE database all data listed on the request form for opening a User Account for Interpol's Restricted Website. The password associated with the username must not be entered into the ACE database and must not be kept in hard copy within the General Secretariat.


A hard copy of each request must be made once the process is concluded. It is signed by I247SCO and filed in the corresponding locked cabinet.

Auditing
I247SCO provides a monthly report to the Assistant director EDPS-NCB-I247 and to the Information Security Manager (ISM) on the number of accounts created and the number of accounts refused. The accounts creation procedure, this SOP and Interpol's Restricted Website Accounts and Password Policy (Reference 2006-10/NCB/I247/Pol230/LP/db) as well as the consistency of the ACE database records will be audited once a year by I247SCO and once every two years by EDRM-MPP, the Interpol internal audit team.

Notification of account creation


Upon creation and registration in the ACE of the user account, I247SCO must notify the RQ accordingly by using the form in Appendix 2 of this document, providing username and access rights. This notification is done via e-mail. The RQ must acknowledge receipt of the above e-mail to I247SCO. I247SCO will then send the corresponding password to the RQ for the respective user account.

Validity and revision


This SOP is valid until it is revoked by ICPO-Interpol General Secretariat.

Created: December 16th 2006, I-24/7 SCO, Version 1.0
Revised: December 17th 2006, ISM, Version 1.1
Revised: January 27th 2007, OLA, Version 2.0
Revised and approved: Secretary General, 2007


Appendix 1 - Interpol's restricted website https://www.interpol.int user account creation form

User account data

Requesting authority (RQ) (= National Security Officer or IPSG Director of Application):

If RQ is NSO: please specify name of entity for which the request is made (name of NCB or/and of national authorized institution [3]):

If RQ is Director of Application, IPSG: please specify name of entity for which the request is made (name of international authorized entity [4] / other entity):

Date:

Date of agreement with Interpol:

Category of authorized entity:
For authorized national institution, please specify: police, customs, gendarmerie, other institution:
For authorized international entities, please specify law enforcement or not law enforcement:
For other authorized entities, please specify:

Name of designated user:
Forename:
Position within entity concerned:
Address:
Phone:
Fax:
E-mail:

Name of supervisor:
Forename:
Position within entity concerned:
Phone:
Fax:
E-mail:

Scope of Access Rights:

Purpose of Access Rights:

For I247 SCO use only

For Director of application use only

Approved: Yes / No

[3] Art.1.f. Rules on the processing of information for the purposes of international police co-operation (RPI): Authorized national institution means any official public national institution or any entity legally authorized to fulfil the role of a public institution in enforcing the criminal law and which has received the express authorization of its country's NCB to consult or provide information via the Organization's channels within the limits set by the said NCB. Art.1(g) RPI: Authorized international entity means any entity, as referred to in Article 41 of the Constitution, which has concluded an agreement with the Organization authorizing it to process information directly through the Organization's channels.


Appendix 2 - Account creation information form

Interpol's Restricted website https://www.interpol.int user account creation information form

User account Data

Authorized Entity concerned:
NCB (name):
Authorized national institution:
Authorized international institution:
Other institution:

Name of designated user:
Forename:
Position:

Access approved: YES / NO

Username:
Scope of Access Rights:

NB. Please acknowledge receipt of this message to


Appendix 3 - List of restricted applications on the Interpol Restricted Website with competent Director of application

- THB (Trafficking in Human Beings) - EDPS/SCA/THB
- OCM (Millennium Project) - EDPS/SCA/DCO
- FTF (Fusion Task Project) - EDPS/SCA/PST
- GA (General Assembly) and EC (Executive Committee) - EDRM/MB/MCP
- EU (European Committee) and ECF (European Contact Officers) - EDPS/NCB/EUR
- Daily News - EDPS/OS/CDP/DTSB
- DNA, DNAR - EDPS/OS/FTD/IDDN
- Orange Notices accessible to international organisations - OLA
- UN Notices - EDPS/PSO
- SG (Only for General Secretariat, MPP documents for Secretary General) - EDRM/MPP/PDU
- International co-operation G8 law enforcement project and International cooperation G8 terrorist Kidnaps project - EDPS/SCA/THB
- Formatrain trainers and ZFF project - EDPS/SCA/DCO
- Payment Cards - EDPS/OS/FTD/CSDB
